- ssh_exchange_identification: Connection closed by remote host
- ssh_exchange_identification: Connection closed by remote host under Git bash [closed]
- ssh server: reasons for sudden «Connection closed by remote host»
- 5 Answers 5
- What causes SSH error: kex_exchange_identification: Connection closed by remote host?
- 15 Answers 15
ssh_exchange_identification: Connection closed by remote host
Firstly, I know that this question has been asked a million times, and I have read everything I can find and still cannot fix the problem. i am encountering this issue when ssh’ing in from my mac to my Ubuntu server on a fresh install of Ubuntu (I reinstalled because of this issue). I have SSH portmapped to 7070 because my ISP is blocking 22. On the client:
bash: ssh -p 7070 -v me@address.org debug1: Reading configuration data /etc/ssh_config debug1: Connecting to address.org port 7070. debug1: Connection established. debug1: identity file /home/me/.ssh/identity type -1 debug1: identity file /home/me/.ssh/id_rsa type 1 debug1: identity file /home/me/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
bash: grep MaxStartups /etc/ssh/sshd_config #MaxStartups 10:30:60
- Made sure hosts.deny is clear of denials.
- Made sure hosts.allow has my client IP.
- Clear out known_hosts on client
- Changed ownership of /var/run to root
- Made sure etc/run/ssh is
- Made sure /var/empty exists
- Reinstall openssh-server
- Reinstall ubuntu
When I run telnet localhost , I get this:
telnet localhost Trying ::1. Trying 127.0.0.1. telnet: Unable to connect to remote host: Connection refused
Could not load host key: /etc/ssh/ssh_host_rsa_key Could not load host key: /etc/ssh/ssh_host_dsa_key
When I regenerate the keys with
ssh-keygen -t rsa -f /etc/ssh/ssh_host_rsa_key ssh-keygen -t dsa -f /etc/ssh/ssh_host_dsa_key
I am pretty sure this is the issue. Can anyone help?
ssh_exchange_identification: Connection closed by remote host under Git bash [closed]
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
I work at win7 and set up git server with sshd. I git —bare init myapp.git , and clone ssh://git@localhost/home/git/myapp.git in Cywgin correctly. But I need config git of Cygwin again, I want to git clone in Git Bash. I run git clone ssh://git@localhost/home/git/myapp.git and get following message
ssh_exchange_identification: Connection closed by remote host
debug2: ssh_connect: needpriv 0 debug1: Connecting to localhost [127.0.0.1] port 22. debug1: Connection established. debug1: identity file /c/Users/MoreFreeze/.ssh/identity type -1 debug3: Not a RSA1 key file /c/Users/MoreFreeze/.ssh/id_rsa. debug2: key_type_from_name: unknown key type '-----BEGIN' debug3: key_read: missing keytype debug3: key_read: missing whitespace // above it repeats 24 times debug2: key_type_from_name: unknown key type '-----END' debug3: key_read: missing keytype debug1: identity file /c/Users/MoreFreeze/.ssh/id_rsa type 1 debug1: identity file /c/Users/MoreFreeze/.ssh/id_dsa type -1 ssh_exchange_identification: Connection closed by remote host
it seems my private keys has wrong format? And I find that there are exactly 25 line in private keys without BEGIN and END . I’m confused why it said NOT RSA1 key, I totally ensure it is RSA 2 key. Any advises are welcome. btw, I have read first 3 pages on google about this problem.
ssh server: reasons for sudden «Connection closed by remote host»
One of my ec2 servers has stopped receiving ssh connections. The OS is Ubuntu server 8.04, and the ssh server is the standard openssh-server . After months of uptime, I tried to connet to it today, and got the following message:
ssh_exchange_identification: Connection closed by remote host
Any idea what could have went wrong? Update: After a reboot, the server started receiving new connections. Disks are below 50% usage.
First thing to do when you see this: try again with ssh -vvv , and look carefully through the output (or post it all for someone else to analyse; your password won’t appear, but IP addresses and user names will).
5 Answers 5
Now that you once again have access, check the log to determine what, if any, clues there are as to why you were blocked.
tail -n300 /var/log/auth.log | grep ssh 1
The other thing to remember is that, if it happens again, you can run ssh in verbose mode with the -vvv option, which will return more detailed diagnostic information. From man ssh :
-v Verbose mode. Causes ssh to print debugging messages about its progress. This is helpful in debugging connection, authentication, and configuration problems. Multiple -v options increase the verbosity. The maximum is 3.
[1] You may need to increase/decrease the amount you tail by ( -n ) to identify the relevant entries.
What causes SSH error: kex_exchange_identification: Connection closed by remote host?
I setup a SSH server online that is publicly accessible by anyone. Therefore, I get a lot of connections from IPs all over the world. Weirdly, none actually try to authenticate to open a session. I can myself connect and authenticate without any problem. From time to time, I get the error: kex_exchange_identification: Connection closed by remote host in the server logs. What causes that? Here is 30 minutes of SSH logs (public IPs have been redacted):
# journalctl SYSLOG_IDENTIFIER=sshd -S "03:30:00" -U "04:00:00" -- Logs begin at Fri 2020-01-31 09:26:25 UTC, end at Mon 2020-04-20 08:01:15 UTC. -- Apr 20 03:39:48 myhostname sshd[18438]: Connection from x.x.x.207 port 39332 on 10.0.0.11 port 22 rdomain "" Apr 20 03:39:48 myhostname sshd[18439]: Connection from x.x.x.207 port 39334 on 10.0.0.11 port 22 rdomain "" Apr 20 03:39:48 myhostname sshd[18438]: Connection closed by x.x.x.207 port 39332 [preauth] Apr 20 03:39:48 myhostname sshd[18439]: Connection closed by x.x.x.207 port 39334 [preauth] Apr 20 03:59:36 myhostname sshd[22186]: Connection from x.x.x.83 port 34876 on 10.0.0.11 port 22 rdomain "" Apr 20 03:59:36 myhostname sshd[22186]: error: kex_exchange_identification: Connection closed by remote host
# ssh -V OpenSSH_8.2p1, OpenSSL 1.1.1d 10 Sep 2019 # cat /etc/ssh/sshd_config UsePAM yes AddressFamily any Port 22 X11Forwarding no PermitRootLogin prohibit-password GatewayPorts no PasswordAuthentication no ChallengeResponseAuthentication no PrintMotd no # handled by pam_motd AuthorizedKeysFile .ssh/authorized_keys .ssh/authorized_keys2 /etc/ssh/authorized_keys.d/%u HostKey /etc/ssh/ssh_host_rsa_key HostKey /etc/ssh/ssh_host_ed25519_key KexAlgorithms curve25519-sha256@libssh.org,diffie-hellman-group-exchange-sha256 Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com LogLevel VERBOSE UseDNS no AllowUsers root AuthenticationMethods publickey MaxStartups 3:100:60
After searching the web, I have seen references to MaxStartups indicating that it could be the reason for this error but after changing the default value as shown in my sshd_config and attempting more than 3 connections, the server unambiguously indicates the probem
Apr 20 07:26:59 myhostname sshd[31468]: drop connection #3 from [x.x.x.226]:54986 on [10.0.0.11]:22 past MaxStartups
The error means connection is established and then dropped without any good reason. This can happen either 1. if sshd consume too much resources at some point or 2. it can be firewall dropping too many connections or 3. it is tcpd doing that or 4. kernel limits (like high ports exhaust). First you can look in firewall settings for any limits and if none found try to run sshd with debugging option.
15 Answers 15
Weirdly, none actually try to authenticate to open a session.
Some spiders and services like Shodan scans public ipv4 addresses for open services, e.g. salt masters, ftp servers, RDPs, and also SSH services. These spiders usually only connect to the services without doing any valid authentication steps.
I get the error: kex_exchange_identification : Connection closed by remote host in the server logs. What causes that?
I haven’t found conclusive answers about that, so. time to browse the source then.
In OpenSSH source code, kex_exchange_identification is a function to exchange server and client identification (duh), and the specified error happened if the socket connection between OpenSSH server and client is interrupted (see EPIPE ), i.e. client already closed its connection.
Related to this: I installed ntopng recently and network discovery was turned on. This caused these messages to appear
I’ve just had this exact issue, and the cause was that I had a port translation happening internally to the load balancer, meaning that my ssh connections were reaching the host on port 80 instead of port 22 .
The host was they rightly terminating the connections, and the error message returned to my terminal was as follows;
~/Documents/Projects$ ssh -vvvvA dave@xx.xx.xx.250 OpenSSH_8.1p1, LibreSSL 2.7.3 debug1: Reading configuration data /Users/dave/.ssh/config debug1: Reading configuration data /etc/ssh/ssh_config debug1: /etc/ssh/ssh_config line 47: Applying options for * debug2: resolve_canonicalize: hostname xx.xx.xx.250 is address debug2: ssh_connect_direct debug1: Connecting to xx.xx.xx.250 [xx.xx.xx.250] port 22. debug1: Connection established. debug1: identity file /Users/dave/.ssh/id_rsa type 0 debug1: identity file /Users/dave/.ssh/id_rsa-cert type -1 debug1: identity file /Users/dave/.ssh/id_dsa type -1 debug1: identity file /Users/dave/.ssh/id_dsa-cert type -1 debug1: identity file /Users/dave/.ssh/id_ecdsa type -1 debug1: identity file /Users/dave/.ssh/id_ecdsa-cert type -1 debug1: identity file /Users/dave/.ssh/id_ed25519 type -1 debug1: identity file /Users/dave/.ssh/id_ed25519-cert type -1 debug1: identity file /Users/dave/.ssh/id_xmss type -1 debug1: identity file /Users/dave/.ssh/id_xmss-cert type -1 debug1: Local version string SSH-2.0-OpenSSH_8.1 debug1: kex_exchange_identification: banner line 0: HTTP/1.1 400 Bad Request debug1: kex_exchange_identification: banner line 1: Server: nginx/1.14.0 (Ubuntu) debug1: kex_exchange_identification: banner line 2: Date: Fri, 20 Nov 2020 09:30:23 GMT debug1: kex_exchange_identification: banner line 3: Content-Type: text/html debug1: kex_exchange_identification: banner line 4: Content-Length: 182 debug1: kex_exchange_identification: banner line 5: Connection: close debug1: kex_exchange_identification: banner line 6: debug1: kex_exchange_identification: banner line 7: debug1: kex_exchange_identification: banner line 8: debug1: kex_exchange_identification: banner line 9: debug1: kex_exchange_identification: banner line 10: 400 Bad Request
debug1: kex_exchange_identification: banner line 11:
nginx/1.14.0 (Ubuntu) debug1: kex_exchange_identification: banner line 12: debug1: kex_exchange_identification: banner line 13: kex_exchange_identification: Connection closed by remote host
Fixed the internal port translation, and now the problem has gone away.